CVE-1999-0818
Description
Solaris kcms_configure binary is vulnerable to a local buffer overflow via the NETPATH environment variable, allowing local privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The kcms_configure binary, part of the Kodak Color Management System (KCMS) package in Solaris, is installed setuid root and contains a local stack buffer overflow. The contents of the NETPATH environment variable are copied into a fixed-size stack buffer without a length check, so a value longer than the buffer overwrites the adjacent stack data, including the saved return address of the copying function. Affected versions include Solaris 7.0 (SunOS 5.7) [1].
Exploitation
A local user can exploit this flaw by setting NETPATH to a value longer than the buffer, with shellcode and a replacement return address embedded in it, and then running the setuid kcms_configure binary. The overflow overwrites the saved return address, so when the vulnerable function returns, execution continues in the injected shellcode instead of the caller. Because the payload must land at a predictable address, the attacker has to know (or estimate) the stack pointer at the time of the copy and adjust the overwritten return address to point into the shellcode [1].
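As an added illustration, not kcms_configure's own source (which the page does not carry), the following C program models the frame layout the Vulnerability and Exploitation sections describe: a fixed-size NETPATH buffer sitting below the saved frame pointer and return address, an unbounded copy of the environment variable that runs past the buffer into the return-address slot, and the bounded copy a fix would use in its place. The 32-byte buffer size, the frame layout, and the struct and function names are assumptions made for the example; the 64-byte NETPATH value is constructed input. The overflow is performed against a modelled frame rather than the live stack so the program runs cleanly on any host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size. The page gives no figure for the real kcms_configure
 * buffer; 32 bytes keeps the demonstration readable. */
#define NETPATH_BUF 32

/* Model of the vulnerable function's stack frame: the fixed NETPATH buffer
 * followed by the saved frame pointer and the saved return address. Real
 * frames carry more (other locals, padding, SPARC register windows), but
 * "buffer below control data" is the ordering the overflow relies on. */
struct frame_model {
    char      netpath[NETPATH_BUF];
    uintptr_t saved_fp;
    uintptr_t saved_ret;
};

#define RET_SENTINEL ((uintptr_t)0x10203040u)

/* Constructed input: 64 bytes, twice the assumed buffer size. */
static const char LONG_NETPATH[] =
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Unbounded copy, behaving like strcpy(f->netpath, getenv("NETPATH")):
 * strlen(value)+1 bytes are written from the start of the buffer with no
 * regard for its size. The write is done as a memcpy over the whole frame
 * model (clamped to its size) so the demonstration stays inside memory we
 * own instead of corrupting this program's real stack. */
static void copy_netpath_unbounded(struct frame_model *f, const char *value)
{
    size_t n = strlen(value) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, value, n);
}

/* Offset from the start of the buffer to the return-address slot: the
 * number of bytes an attacker's value must cover before the bytes that
 * become the new return address. */
size_t return_slot_offset(void)
{
    return offsetof(struct frame_model, saved_ret);
}

/* Run the unbounded copy against a fresh frame and report whether the saved
 * return address was overwritten. Returns 1 if it was, 0 if it survived. */
int netpath_smashes_return(const char *value)
{
    struct frame_model f;
    memset(&f, 0, sizeof f);
    f.saved_fp  = (uintptr_t)0xdeadbeefu;
    f.saved_ret = RET_SENTINEL;
    copy_netpath_unbounded(&f, value);
    return f.saved_ret != RET_SENTINEL;
}

/* Hardened copy: refuse any value that does not fit together with its NUL
 * terminator, rather than truncating silently. Returns 0 on success, -1
 * when the value is absent or too long. */
int copy_netpath_bounded(char *dst, size_t dstsz, const char *value)
{
    if (value == NULL || dstsz == 0)
        return -1;
    size_t len = strlen(value);
    if (len >= dstsz)
        return -1;
    memcpy(dst, value, len + 1);
    return 0;
}

/* Hardened copy against a NETPATH_BUF-sized buffer. Returns 1 if the value
 * was accepted, 0 if it was rejected. */
int netpath_bounded_accepts(const char *value)
{
    char buf[NETPATH_BUF];
    return copy_netpath_bounded(buf, sizeof buf, value) == 0;
}

int main(void)
{
    /* Read NETPATH from the real environment; fall back to the constructed
     * overlong value so the demo runs without any setup. */
    const char *v = getenv("NETPATH");
    if (v == NULL)
        v = LONG_NETPATH;

    printf("return-address slot at buffer+%zu\n", return_slot_offset());
    printf("unbounded copy of %zu bytes overwrites return address: %s\n",
           strlen(v), netpath_smashes_return(v) ? "yes" : "no");
    printf("bounded copy accepts the value: %s\n",
           netpath_bounded_accepts(v) ? "yes" : "no");
    return 0;
}
```

The offset the program reports is the figure an attacker combines with a stack-pointer estimate to decide where in the NETPATH value the replacement return address goes; the bounded copy removes the problem by rejecting any value that would reach it.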
Impact
Successful exploitation gives a local attacker arbitrary code execution as root, since kcms_configure runs setuid root. This is a full local privilege escalation and hands the attacker complete control of the affected system [1].
Mitigation
This vulnerability is addressed in patched versions of Solaris; users should install the vendor fix. The cited references name no specific patch ID or release date and describe no workaround [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE: the mechanics section is only generated when the actual fix diff can be read. Without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.